Why we can't notify specific members about the short password problem

Crap. Posted this as a question.

Anyone using a password less than 7 letters (and numbers, too) is NAIVE...

What about having the system temporarily add Xs as placeholders at the end of old passwords that are less than 6 characters? That could then lead them to the My Account Page with instructions for them to change their password to one of 6 characters or more.

That would work even if all you as the administrator sees is hash marks.
Example: ####xx or ###xxx, etc.

Then we have something to tell people to try when they make contact with you about their old password not working. Tell them to use their old password characters plus the number of x's it takes to equal 6 characters.

My problem is that when I ask the site to send me the means to reset my password to my dlowan email, it is not doing so.


I am about to try again.

It worked with this account, though, and I was able to reset the password.

I was trying (and apparently failed) to explain that we have no way of knowing who's password is less than 6. Here's some examples from Wikipedia ( http://en.wikipedia.org/wiki/MD5#MD5_hashes ):

MD5("The quick brown fox jumps over the lazy dog")
= 9e107d9d372bb6826bd81d3542a419d6

MD5("")
= d41d8cd98f00b204e9800998ecf8427e

All we have stored is that second string of numbers and letters. As you can see, a sentence generates the same length hash as no password at all.

You said to me in an email that you got a message bu that it didn't work for you. But I think you used it wrong. If you get the message just click on the link. Then you should be logged in and you will be able to change your password.

In any case, I've been neglecting my email so if you can send a ticket to the help desk it will remind me when I go in there to solve account lockouts.

Previously I used it wrong...then "got it" and was able to log into Beta.

Now....I don't get an email from the new site at all.

I have tried 4 times.

As Borat Sister, requesting the same thing, to reset password, I was emailed immediately and was then able to change the password and log in.

But I will certainly send a ticket to the help desk.

Is it filtering the email on one of the addresses (if they are both on the same isp that would be less likely)?

Well, I have not changed any settings, and the email to do the same thing for logging in to the beta site came through ok.

My primary email (dlowan's) is via my ISP.

Borat Sister's email address is a Gmail one.


Ah....not sure if this is relevant or not, but the Help Desk acknowledgement came through fine to my dlowan email.

Your ISP might be filtering it. We'll figure it out later.

Erm...ok...what can I do about that?
Edit:
Strike that...later is fine.


Thank you.

A "hash" is a one-way function.

You can create the hash from the original text, but you cannot re-create the original text from the hash.

Also, a good hashing algorithm (and MD5 is considered "good" by the cryptography community), always results in the same length hash, no matter what the input text is. A hash from a one-character string is (theoretically) as pseudo-random as a hash from a very long string.

All of which is a long-winded way of saying "no."